pgAudit 1.5.4 commit log

Stamp 1.5.3.

commit   : b5e3d92c56e2cbfa95329e35ebd43da8f1ff667e    
  
author   : David Steele <david@pgbackrest.org>    
date     : Wed, 19 Feb 2025 13:58:09 -0600    
  
committer: David Steele <david@pgbackrest.org>    
date     : Wed, 19 Feb 2025 13:58:09 -0600    

Click here for diff

M Makefile
A pgaudit–1.5.2–1.5.3.sql
R100 pgaudit–1.5.2.sql pgaudit–1.5.3.sql
M pgaudit.control

Add exception for call statement to stack check.

commit   : a4547309100ebd75e48d6a7958c07bc2cf2268de    
  
author   : Alper Kocatas <alperkocatas@gmail.com>    
date     : Tue, 18 Feb 2025 20:42:47 +0300    
  
committer: David Steele <david@pgbackrest.org>    
date     : Tue, 18 Feb 2025 20:42:47 +0300    

Click here for diff

A call statement can be on the stack when another command is executed if the procedure itself contains a cursor. If this happens the user will get a 'pgaudit stack is not empty' error.  
  
Prevent this by allowing call statements on the stack when a new command runs.

M pgaudit.c

commit   : 250d5226874f916770361b798adf291daf0b0b3f    
  
author   : David Youatt <david.youatt@crunchydata.com>    
date     : Mon, 6 Jan 2025 10:27:02 -0500    
  
committer: David Steele <david@pgbackrest.org>    
date     : Mon, 6 Jan 2025 10:27:02 -0500    

Click here for diff

M pgaudit.c

Avoid failures with ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS.

commit   : 1bb5ddf83782dbb291f52584fdc178e0a013fde8    
  
author   : Michael Paquier <michaelpq@users.noreply.github.com>    
date     : Tue, 19 Nov 2024 23:41:18 +0900    
  
committer: David Steele <david@pgbackrest.org>    
date     : Tue, 19 Nov 2024 23:41:18 +0900    

Click here for diff

Compiling PostgreSQL with -DENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS causes the regression test suite of pgaudit to fail because the roles created do not comply with the upstream rule for role names, where these should be suffixed with "regress_".  
  
The tests fail when creating such non-compliant roles with warnings like this one:  
WARNING: roles created by regression test cases should have names starting with "regress_"  
  
The regression test coverage does not change with the roles renamed, and the expected output is updated accordingly.  

M expected/pgaudit.out
M sql/pgaudit.sql

Fix warnings when -Wmissing-variable-declarations is enabled.

commit   : 1ba9ee9dd2b43138304224bc1699024b883ead4c    
  
author   : Michael Paquier <michaelpq@users.noreply.github.com>    
date     : Tue, 19 Nov 2024 05:37:17 +0900    
  
committer: David Steele <david@pgbackrest.org>    
date     : Tue, 19 Nov 2024 05:37:17 +0900    

Click here for diff

The GUC variables were defined extern but were only used within pgaudit.c so they should be defined as static.  
  
Reviewed by David Steele (@dwsteele).  

M pgaudit.c

Add llvm-toolset to RHEL test container.

commit   : 02e648da1571eb24f57b1e4909df4df877484be2    
  
author   : David Steele <david@pgbackrest.org>    
date     : Mon, 18 Nov 2024 17:46:14 -0500    
  
committer: David Steele <david@pgbackrest.org>    
date     : Mon, 18 Nov 2024 17:46:14 -0500    

Click here for diff

This is now required for build to succeed.  

M test/Dockerfile.rhel

Additional exclusions for .gitignore.

commit   : 56f5dcb9dcf46effce2767bf7fc2039b85d3d0bd    
  
author   : Michael Paquier <michaelpq@users.noreply.github.com>    
date     : Tue, 19 Nov 2024 05:02:41 +0900    
  
committer: David Steele <david@pgbackrest.org>    
date     : Tue, 19 Nov 2024 05:02:41 +0900    

Click here for diff

Add more exclusions to the project's .gitignore, ensuring that unwanted contents are not pushed into the tree:
  
- Coverage files
  
- More object and library patterns
  
- LLVM code
  
- Dependencies
  

  
Reviewed by David Steele (@dwsteele).

M .gitignore

Skip auditing of relations without permissions.

commit   : 455cde5ec3a4374b18ad551aaabe6d60761b6503    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 1 Aug 2024 10:28:57 +0700    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 1 Aug 2024 10:28:57 +0700    

Click here for diff

Relations without permissions should be skipped since they represent either optimizer artifacts or partitions. Normally they do not cause a problem, but in some cases they lack a distinct mem context and cause the stack to get out of sync. It is also more efficient to skip them and this solution is similar to what was done for PostgreSQL 16.  
  
This eliminates a duplicated log entry that was also fixed in PostgreSQL 16.  
  
Reported by @wzbnb001, Alexander Kukushkin (@CyberDem0n).  
Reviewed by Alexander Kukushkin (@CyberDem0n).  

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Update RHEL test container to Rocky Linux 8.

commit   : 50dd177cd74dae04cd9e52f65cd4077c55fb487e    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 1 Aug 2024 10:05:24 +0700    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 1 Aug 2024 10:05:24 +0700    

Click here for diff

CentOS 7 is EOL and has been removed from mirrors.  

M test/Dockerfile.rhel

Update Debian CI runner/container to Ubuntu 22.04.

commit   : cb6fe1fa305937df4f8e1ee9c4bf2627c9a35b34    
  
author   : David Steele <david@pgmasters.net>    
date     : Mon, 27 May 2024 09:54:56 +1000    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 27 May 2024 09:54:56 +1000    

Click here for diff

M .github/workflows/test.yml
M test/Dockerfile.debian

Add PostgreSQL 17 to supported versions in documentation.

commit   : b951581949b5fb8cadb3c86de06046fe53972c0b    
  
author   : David Steele <david@pgmasters.net>    
date     : Mon, 27 May 2024 09:37:54 +1000    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 27 May 2024 09:37:54 +1000    

Click here for diff

M README.md

Update GitHub test check action version to 4.

commit   : 4f76acb058fed2fff78885ca0ea6b2d0534941fb    
  
author   : David Steele <david@pgmasters.net>    
date     : Sat, 18 May 2024 09:19:58 +1000    
  
committer: David Steele <david@pgmasters.net>    
date     : Sat, 18 May 2024 09:19:58 +1000    

Click here for diff

Version 3 is now deprecated.  

M .github/workflows/test.yml

commit   : 04786314afd0f61da51375e1860590f019553103    
  
author   : David Youatt <david.youatt@crunchydata.com>    
date     : Thu, 18 Jan 2024 03:51:51 -0800    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 18 Jan 2024 03:51:51 -0800    

Click here for diff

M pgaudit.c

Remove key import for PGDG yum repository.

commit   : 65aa3eede154692269ff2349311052090f8e7701    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 18 Jan 2024 09:17:23 -0300    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 18 Jan 2024 09:17:23 -0300    

Click here for diff

For a production system it makes sense to separately import and verify the key but it seems overkill for test systems.  

M test/Dockerfile.rhel

Correction to log_statement_once documentation.

commit   : f6a1278991f60d3d20c11b5ff1829b195dac5954    
  
author   : Valerie Parham-Thompson <16852807+dataindataout@users.noreply.github.com>    
date     : Fri, 1 Dec 2023 11:56:45 -0500    
  
committer: David Steele <david@pgmasters.net>    
date     : Fri, 1 Dec 2023 11:56:45 -0500    

Click here for diff

Change "disabled" to "enabled" since the current documentation for log_statement_once has this backwards.

M README.md
M pgaudit.c

Remove PostgreSQL 11 from supported versions in documentation.

commit   : cb49146efa232747d3237d94c9ddeae7d4e61e93    
  
author   : David Steele <david@pgmasters.net>    
date     : Fri, 1 Dec 2023 13:48:30 -0300    
  
committer: David Steele <david@pgmasters.net>    
date     : Fri, 1 Dec 2023 13:48:30 -0300    

Click here for diff

M README.md

Update supported versions in documentation.

commit   : 573d30ac46040be07bb3e90ca97666978834eacf    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 5 Sep 2023 15:26:44 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 5 Sep 2023 15:26:44 -0400    

Click here for diff

M README.md

Update RHEL CI container to work with aarch64.

commit   : ea87298391ba398307270c66760116c032b1bfba    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 5 Sep 2023 12:28:31 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 5 Sep 2023 12:28:31 -0400    

Click here for diff

M test/Dockerfile.rhel

Fix typos.

commit   : 2ad3a40130759f05782278e215ab9d3070c74b96    
  
author   : David Steele <david@pgmasters.net>    
date     : Fri, 9 Jun 2023 18:18:27 +0300    
  
committer: David Steele <david@pgmasters.net>    
date     : Fri, 9 Jun 2023 18:18:27 +0300    

Click here for diff

M pgaudit.c

Update Github action/checkout to new version.

commit   : e0005d40b4da004e3d05ca1a412441ab20b68c7f    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 27 Apr 2023 22:31:50 +0300    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 27 Apr 2023 22:31:50 +0300    

Click here for diff

This removes the deprecation warning.  

M .github/workflows/test.yml

Explicitly install pg_statements in Makefile.

commit   : 67dbedd7c24413e162b85dba1551ad3737c7f673    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 27 Apr 2023 22:18:23 +0300    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 27 Apr 2023 22:18:23 +0300    

Click here for diff

This is required by in-tree builds and is ignored by CI.  

M Makefile

commit   : a939dde0053e809a43150a5b5474c890af9a0811    
  
author   : David Youatt <youattdp@gmail.com>    
date     : Wed, 4 Jan 2023 01:31:31 -0800    
  
committer: David Steele <david@pgmasters.net>    
date     : Wed, 4 Jan 2023 01:31:31 -0800    

Click here for diff

M pgaudit.c

Add caveat about auditing the superuser.

commit   : 5490db2bfd60a1e1748b58de2d52af9b7d87b447    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 14 Jun 2022 13:35:50 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 14 Jun 2022 13:35:50 -0400    

Click here for diff

M README.md

Documentation updates for PostgreSQL 15 release.

commit   : 41b4f0b93c225c25f8bf0678bd9d476e34c3b5f0    
  
author   : David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 16:32:45 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 16:32:45 -0400    

Click here for diff

M README.md

Documentation updates missed in PostgreSQL 14 release.

commit   : 106fbddf04a4501ef37a2a2108bcfd72ed19145b    
  
author   : David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 16:12:24 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 16:12:24 -0400    

Click here for diff

M README.md

Add explanation why `CREATE EXTENSION` is required.

commit   : b2846d476da1ceb690e691c73bb68c7d544187f7    
  
author   : Yuli <yuli@crunchydata.com>    
date     : Mon, 13 Jun 2022 15:41:22 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 15:41:22 -0400    

Click here for diff

M README.md

Explicitly grant permissions on public schema in expect script.

commit   : b0e4e1a8e436c8f04c40b5b7edbcddc40e960db4    
  
author   : David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 14:00:26 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 14:00:26 -0400    

Click here for diff

PostgreSQL >= 15 does not automatically grant rights on the public schema.  
  
It makes sense to back patch this to older versions to minimize differences in the script.  

M expected/pgaudit.out
M sql/pgaudit.sql

Reorder container scripts for more efficient builds across versions.

commit   : 50de22dc1bf43ace1b86b60f0cd9f9b05cbc15e4    
  
author   : David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 12:54:31 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Mon, 13 Jun 2022 12:54:31 -0400    

Click here for diff

M test/Dockerfile.debian
M test/Dockerfile.rhel

Fix typo in pgaudit.role help.

commit   : 6b768a63ef0f6c64984dbd5644dd9b6fe89cef36    
  
author   : tjjcarroll <tjjcarroll@hotmail.com>    
date     : Wed, 4 May 2022 15:35:10 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Wed, 4 May 2022 15:35:10 -0400    

Click here for diff

M pgaudit.c